Skip to main content Skip to complementary content

TPS-5620

Info Value
Patch Name Patch_20240823_TPS-5620_v1-8.0.1
Release Date 2024-08-23
Target Version 20211109_1610-V8.0.1
Product affected Talend SAP RFC Server

Introduction

This is a self-contained patch.

NOTE: For information on how to obtain this patch, reach out to your Support contact at Talend.

Fixed issues

This patch contains the following fixes:

  • TDI-46850 Upgrade ActiveMQ Jars (5.16.3)

  • TDI-46932 tSAPInput component parses TIMS Midnight as null when using dynamic schema

  • TDI-47241 CVE: log4j-api(core)-[2 - 2.15.0)

  • TDI-47325 Cannot create data source(SAP BW version 7.5)

  • TDI-47633 CVE: Replace log4j1.x by reload4j or upgrade to log4j2

  • TDI-47763 Assess Spring4Shell vulnerability

  • TDI-47861 CVE: tomcat-embed-core 9.0.30 have risk

  • TDI-47869 Authentication Bypass in Talend/tsap-rfc-server

  • TDI-47573 SAP RFC Server shouldn't be required when feature mode is mock

  • TDI-48107 CVE: gson-2.8.0.jar

  • TDI-48174 [CVE] : upgrade kafka-clients to 2.8.1

  • TDI-48471 Denial Of Service (DoS) in Talend/cloud-components (master)--snakeyaml 1.32

  • TDI-48726 Spring-beans: Denial Of Service (DoS) in Talend/tsap-rfc-server (master)---spring 5.3.23

  • TDI-48715 CVE-2022-42003,CVE-2022-42004, jackson-databind-2.13.2.2jar

  • TDI-48873 Upgrade slf4j to 1.7.34

  • TDI-48818 Kafka: Denial Of Service (DoS) in Talend/tsap-rfc-server, sap-api and cloud-components

  • TDI-48821 Apache common codec and Apache http client in Talend/talend-sap-api (master)

  • TDI-49303 Premium Data,commons-net:commons-net:(2.2,3.3,3.6,3.8.0)

  • TDI-49797 Access Restriction Bypass in Talend/tsap-rfc-server (master):org.springframework.boot:spring-boot-actuator-autoconfigure

  • TDI-50040 Security Bypass in Talend/tsap-rfc-server (master):spring-webmvc

  • TDI-50054 Remote Code Execution (RCE) in Talend/tsap-rfc-server (master)(kafka-clients:2.3.0-3.3.2)

  • TDI-50055 Denial Of Service (DoS) in Talend/tsap-rfc-server (master)( tomcat-embed-core:9.0.62)

  • TDI-50222 CVE-2023-20883 org.springframework.boot:spring-boot-autoconfigure 2.​7.​11 in Talend/tsap-rfc-server

  • TDI-50482 activemq-client:5.17.2 | CVE-2023-46604

  • TDI-50692 tomcat-embed-core:9.0.79 | CVE-2023-44487

  • TDI-50646 logback-core:1.2.10 | CVE-2023-6378

  • TDI-50151 Remote Code Execution (RCE) in Talend/tsap-rfc-server (master) - Spring boot 3 upgrade

  • TDI-51128 [8.0.1] SAP RFC communication

  • TDI-51441 CVE-2024-22262 org.springframework:spring-web 6.1.4

  • TDI-51485 CVE-2023-43642 org.xerial.snappy:snappy-java 1.1.10.1 [tsap-rfc-server]

Prerequisites

Consider the following requirements for your system:

  • Talend SAP RFC Server 8.0.1 must be installed. and work with Talend Studio 8.0.1 with patch "R2021-12" or newer
  • JDK 17+ is mandatory.

Installation

Installing the patch using Talend SAP RFC Server

  1. Stop the Talend SAP RFC Server
  2. Extract the zip.
  3. Overwrite the {sap rfc server home}/tsap-rfc-server-8.0.1.jar
  4. Overwrite the {sap rfc server home}/bin/start-tsaps.bat and start-tsaps.sh
  5. Adjust the new configuration in {sap rfc server home}/conf/tsap-rfc-server.properties, please refer to README.md file in the patch root folder.
  6. Restart the Talend SAP RFC Server

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!

Leave your feedback here